Bug 962426 - [RFE] Add support for kerberos
[RFE] Add support for kerberos
Product: Fedora
Classification: Fedora
Component: nginx (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jamie Nguyen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-05-13 09:16 EDT by Tomas Tomecek
Modified: 2013-08-26 15:01 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-26 15:01:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
added upport for spnego (kerberos) (19.25 KB, patch)
2013-05-15 04:19 EDT, Tomas Tomecek
no flags Details | Diff

  None (edit)
Description Tomas Tomecek 2013-05-13 09:16:31 EDT
Description of problem:
Compile nginx with Kerberos (spnego) support

Additional info:
There is nginx [1] module (actually, not just one [2][3]) that supports spnego. This would be really handy when running nginx in corporate domain. I'll try to build it myself (scratchbuild in koji) and if successful I'll post patch here.

[1] https://github.com/stnoonan/spnego-http-auth-nginx-module
[2] https://github.com/muhgatus/spnego-http-auth-nginx-module
[3] https://github.com/ifad/spnego-http-auth-nginx-module
Comment 1 Tomas Tomecek 2013-05-15 04:19:12 EDT
Created attachment 748141 [details]
added upport for spnego (kerberos)

So I added patch (it is patched specfile, el6 branch -- fedora is pretty similar) and with this binary I was able to use kerberos with nginx. I think it would be pretty awesome, if nginx were build with the spnego module. I used this one [1].

[1] https://github.com/stnoonan/spnego-http-auth-nginx-module
Comment 2 Jamie Nguyen 2013-05-26 15:38:09 EDT
Thanks for your comments.

We've had a few requests for third-party modules. I'll try looking into doing things similar to Debian (with nginx-full, nginx-light, nginx-extras packages). I'll keep you posted.
Comment 3 Jamie Nguyen 2013-05-26 15:40:33 EDT
One of the main issues with supporting third-party modules is that sometimes they can hold back upgrading to the latest version of nginx. We pretty much always want to be tracking the latest version of nginx, and I'm not sure I like the idea of picking up extra modules, only to have to drop them intermittently and add them back some time in the hand-wavy future once their development has caught up with upstream.
Comment 4 Tomas Tomecek 2013-05-27 04:06:30 EDT
Okay, that's reasonable. It would be really inconvenient to hold update back due to some module. Feel free to close this (patch is here if someone would need it).
Comment 5 Jamie Nguyen 2013-08-26 15:01:17 EDT
Closing for now, but I do plan to explore the possibility of including third-party modules (possibly in a similar fashion to how Debian do things).

Note You need to log in before you can comment on or make changes to this bug.